[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: securing directories and binaries



On Fri, 2006-05-26 at 14:35 -0700, Florin Andrei wrote:
> On Fri, 2006-05-26 at 15:42 -0500, Arun Binaykia wrote:
> 
> > The DAC security model is not good enough. Because the user should be
> > able to run trusted processes (OO) and lowly trusted process
> > (gaim/yahoomessenger)(or a downloaded executable) at the same time. 
> 
> Sounds like SELinux is what you need. You probably have to build a
> custom policy.
> 
> http://fedora.redhat.com/docs/selinux-faq/
> 
> http://fedoraproject.org/wiki/SELinux

A fully custom policy might not be needed - the strict policy with a
local module defining the types for the documents and what's allowed to
access it might suffice, or the mls policy could be sufficient "out of
the box". I'd ask about this on fedora-selinux-list. SELinux is
definitely the tool for this job though.

Paul.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]